Analysis of SpyderSec challenge solving ideas

Analysis of SpyderSec challenge solving ideas

 

The challenge we are going to solve today is very interesting. It is called SpyderSec. We will build it on the VirtualBox Virtual Machine and open Nmap. After Nmap scans, it will only open port 80. In the browser, type 192.168.0.7 and we will see a webpage.

Obtain. FBI video files

?? Use the WEB fuzzy testing tool dirbuster for the target, but no interesting information is obtained. Here we can see that there is a directory named V, and access is forbidden .??

 

Go back to the webpage to view its source code. Here we have found a confusing JavaScript script code:

 

After this JavaScript script is reversed, a string of hexadecimal code is obtained:

 

Decrypts the hexadecimal ASCII code. We found a JS alert notification.

 

We can see that it is to print mulder. fbi, it looks like a certain type of file. After configuring the browser for Burp Suite, the application's communication traffic is intercepted. We found that the URL specified in set-cookies is a directory path.

 

Open this directory to display Access prohibited, and then after the directory name, we will add the file name that we learned from JavaScript mulder. fbi, OK

 

Decrypt the image to obtain the password

Google searches for the FBI file format to find that it is a video file format. I tried to play this video, but I didn't know anything. Then I had to go to the web page to find other useful clues and save the entire html page. In a folder, we found an image named challenge.png:

 

Try to check the metadata of the image (Meta data) to explore more clues and upload it to the online ExifTool Website:

 

 

Get all the metadata of the image. The comment part is a string of hexadecimal code.

 

Decrypt the hexadecimal code to obtain a base64 string. After decrypting the base64 string, you can obtain something that looks like a password.

 

Flag is obtained successfully.

Now we have the mulder. fbi file and a string that looks like a password. Google searches for a video lock. We can see in an article how to hide information in the video by using the TrueCrypt tool. After TrueCrypt is enabled, a driver is installed and a prompt is displayed, prompting us to enter the password. Use the obtained password to create a disk in our computer.

 

As we can see, a driver is being installed:

 

Open a hard disk and find the flag.txt file: